-
Notifications
You must be signed in to change notification settings - Fork 82
56 lines (51 loc) · 1.59 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
name: CI
on:
push:
branches: [ 'v7' ]
paths-ignore:
- '**.md' # Don't run CI on markdown changes.
pull_request:
branches: [ 'v7' ]
paths-ignore:
- '**.md'
jobs:
go-versions:
uses: ./.github/workflows/go-versions.yml
# Runs the common tasks (unit tests, lint, benchmarks, installation test)
# against each Go version in the matrix.
go-matrix:
name: ${{ format('Go {0}', matrix.go-version) }}
needs: go-versions
strategy:
# Let jobs fail independently, in case it's a single version that's broken.
fail-fast: false
matrix:
go-version: ${{ fromJSON(needs.go-versions.outputs.matrix) }}
uses: ./.github/workflows/common_ci.yml
with:
go-version: ${{ matrix.go-version }}
# Integration tests run only on the latest Go version since they are more
# time intensive, and we'd likely be rate-limited by LaunchDarkly SaaS if we
# ran them in parallel for multiple Go versions.
integration-test:
needs: go-versions
uses: ./.github/workflows/integration-test.yml
with:
environment: 'staging'
go-version: ${{ needs.go-versions.outputs.latest }}
security-scan:
runs-on: ubuntu-latest
name: "Trivy Scan of Docker Image"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
fetch-tags: 'true'
- name: Build Docker Images
run: make products-for-release
- uses: aquasecurity/trivy-action@master
with:
image-ref: launchdarkly/ld-relay:latest
format: 'table'
exit-code: '1'
ignore-unfixed: true